Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/595024-8bff-4f18-8ccb-69a44f048db8/1/Lzej5VZ4HKwZJKAPDwbS9jXGcwc.roa
File:                     Lzej5VZ4HKwZJKAPDwbS9jXGcwc.roa (raw, json)
Hash identifier:          HnUxl+oJWsfb+p7InVynLDW2Eiil6+26Dfno4jpAEo8=
Subject key identifier:   2F:37:A3:E5:56:78:1C:AC:19:24:A0:0F:0F:06:D2:F6:35:C6:73:07
Certificate issuer:       /CN=6b22ad4cf647a48b631ff84f227ea0252130552d
Certificate serial:       018CCA284D1DE241652CC8007F01607050FD
Authority key identifier: 6B:22:AD:4C:F6:47:A4:8B:63:1F:F8:4F:22:7E:A0:25:21:30:55:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ayKtTPZHpItjH_hPIn6gJSEwVS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/595024-8bff-4f18-8ccb-69a44f048db8/1/Lzej5VZ4HKwZJKAPDwbS9jXGcwc.roa
Signing time:             Tue 02 Jan 2024 12:31:27 +0000
ROA not before:           Tue 02 Jan 2024 12:31:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     149440
IP address blocks:        193.247.144.0/24 maxlen: 24
                          91.218.183.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/595024-8bff-4f18-8ccb-69a44f048db8/1/ayKtTPZHpItjH_hPIn6gJSEwVS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/595024-8bff-4f18-8ccb-69a44f048db8/1/ayKtTPZHpItjH_hPIn6gJSEwVS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ayKtTPZHpItjH_hPIn6gJSEwVS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 04:03:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:4d:1d:e2:41:65:2c:c8:00:7f:01:60:70:50:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b22ad4cf647a48b631ff84f227ea0252130552d
        Validity
            Not Before: Jan  2 12:31:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2f37a3e556781cac1924a00f0f06d2f635c67307
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:18:ba:f1:62:9b:b8:2f:8c:64:5a:47:c7:89:
                    93:c6:29:2f:f7:e5:af:dd:7d:0e:20:b5:59:4b:c9:
                    92:12:93:d7:a1:82:44:bc:00:c1:39:45:ee:a4:74:
                    14:09:19:61:44:25:3f:cd:e5:68:3d:92:9c:c3:2c:
                    e9:d3:28:d8:48:52:72:fb:25:c5:1d:5a:f5:cb:4d:
                    a6:a6:d9:06:16:1a:d6:ba:c8:11:d1:8c:75:ea:02:
                    a1:e3:db:c5:d5:9d:92:db:f8:9d:d5:bc:0c:90:d9:
                    10:24:42:c0:55:c9:ed:f6:59:58:7d:1f:06:9c:d7:
                    1e:b6:91:c2:b1:02:4c:dd:a7:69:0f:45:a8:a2:f1:
                    a4:c2:b2:71:0c:3f:87:14:03:24:e0:98:25:d6:2e:
                    cf:3d:bd:94:e4:4a:3d:02:1a:7f:02:8b:29:1d:19:
                    66:9f:87:30:8a:c9:50:57:5e:d0:c0:27:a4:70:7a:
                    7b:90:f0:86:0e:31:6d:10:00:b2:60:2b:94:20:86:
                    11:d5:2f:16:70:41:3b:f7:23:3a:06:cc:a9:47:a1:
                    eb:58:37:29:87:85:f4:17:4b:9c:8f:95:8c:9c:9d:
                    47:81:5d:12:7a:25:06:02:ac:db:bc:d7:56:1a:19:
                    c0:57:98:78:6b:b7:32:28:df:f3:33:35:8b:8a:36:
                    11:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:37:A3:E5:56:78:1C:AC:19:24:A0:0F:0F:06:D2:F6:35:C6:73:07
            X509v3 Authority Key Identifier:
                keyid:6B:22:AD:4C:F6:47:A4:8B:63:1F:F8:4F:22:7E:A0:25:21:30:55:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ayKtTPZHpItjH_hPIn6gJSEwVS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/595024-8bff-4f18-8ccb-69a44f048db8/1/Lzej5VZ4HKwZJKAPDwbS9jXGcwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/595024-8bff-4f18-8ccb-69a44f048db8/1/ayKtTPZHpItjH_hPIn6gJSEwVS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.218.183.0/24
                  193.247.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:d8:3a:e0:0c:ac:46:d3:95:bb:ad:3d:d4:98:7a:e2:33:96:
         09:86:1f:1d:f9:68:f3:3c:a9:16:4e:be:a0:88:6b:f4:31:af:
         13:16:fc:2d:cb:0a:38:46:e5:11:99:b6:3d:2e:d6:df:42:3e:
         34:e7:d8:d6:5e:64:fe:66:3c:7f:53:94:c4:5d:15:f3:9b:ae:
         ae:d8:a8:c7:42:ec:f3:62:10:24:d9:f3:9d:55:6f:79:8a:86:
         20:00:c9:95:31:f4:8b:d1:e8:0c:06:bd:f4:9a:82:79:bb:f6:
         c8:3c:ee:25:4f:f7:23:3b:38:f2:e5:72:4e:9b:0d:11:d2:c8:
         f9:99:e7:cb:30:e0:3a:21:85:94:3f:14:83:5d:e7:f1:5d:03:
         fa:89:22:fa:31:f5:92:97:ec:09:0c:90:c5:f3:74:9e:a9:58:
         45:9c:7b:89:6f:06:22:04:99:2c:49:fd:ee:57:0f:87:dc:d5:
         48:e7:48:8b:f7:4e:c9:20:c9:bc:7c:1d:4c:1d:1c:79:92:07:
         33:46:53:43:4e:e6:6b:d9:a0:2b:eb:d8:76:2c:9f:0e:f2:db:
         e4:4d:85:86:57:9f:39:78:d7:29:33:8e:0c:3e:91:bf:de:12:
         80:79:bd:65:0c:a8:4c:b3:d9:a9:3c:98:28:88:92:10:f4:27:
         2d:83:55:96
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKE0d4kFlLMgAfwFgcFD9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiMjJhZDRjZjY0N2E0OGI2MzFmZjg0ZjIyN2VhMDI1MjEz
MDU1MmQwHhcNMjQwMTAyMTIzMTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjM3YTNlNTU2NzgxY2FjMTkyNGEwMGYwZjA2ZDJmNjM1YzY3MzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBi68WKbuC+MZFpHx4mTxikv9+Wv
3X0OILVZS8mSEpPXoYJEvADBOUXupHQUCRlhRCU/zeVoPZKcwyzp0yjYSFJy+yXF
HVr1y02mptkGFhrWusgR0Yx16gKh49vF1Z2S2/id1bwMkNkQJELAVcnt9llYfR8G
nNcetpHCsQJM3adpD0WoovGkwrJxDD+HFAMk4Jgl1i7PPb2U5Eo9Ahp/AospHRlm
n4cwislQV17QwCekcHp7kPCGDjFtEACyYCuUIIYR1S8WcEE79yM6BsypR6HrWDcp
h4X0F0ucj5WMnJ1HgV0SeiUGAqzbvNdWGhnAV5h4a7cyKN/zMzWLijYRwwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC83o+VWeBysGSSgDw8G0vY1xnMHMB8GA1UdIwQY
MBaAFGsirUz2R6SLYx/4TyJ+oCUhMFUtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXlLdFRQWkhwSXRqSF9oUEluNmdKU0V3VlMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC81OTUwMjQtOGJmZi00ZjE4LThjY2It
NjlhNDRmMDQ4ZGI4LzEvTHplajVWWjRIS3daSktBUER3YlM5alhHY3djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC81OTUwMjQtOGJmZi00ZjE4LThjY2ItNjlhNDRmMDQ4ZGI4
LzEvYXlLdFRQWkhwSXRqSF9oUEluNmdKU0V3VlMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW9q3AwQA
wfeQMA0GCSqGSIb3DQEBCwUAA4IBAQAQ2DrgDKxG05W7rT3UmHriM5YJhh8d+Wjz
PKkWTr6giGv0Ma8TFvwtywo4RuURmbY9LtbfQj4059jWXmT+Zjx/U5TEXRXzm66u
2KjHQuzzYhAk2fOdVW95ioYgAMmVMfSL0egMBr30moJ5u/bIPO4lT/cjOzjy5XJO
mw0R0sj5mefLMOA6IYWUPxSDXefxXQP6iSL6MfWSl+wJDJDF83SeqVhFnHuJbwYi
BJksSf3uVw+H3NVI50iL907JIMm8fB1MHRx5kgczRlNDTuZr2aAr69h2LJ8O8tvk
TYWGV585eNcpM44MPpG/3hKAeb1lDKhMs9mpPJgoiJIQ9Cctg1WW
-----END CERTIFICATE-----